Description
WordPress Plugin Import all XML, CSV & TXT into WordPress is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information (usernames, hashed passwords and email addresses) that may help in launching further attacks. WordPress Plugin Import all XML, CSV & TXT into WordPress version 3.6.74 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 3.6.75 or latest
References
Related Vulnerabilities
WordPress Plugin PowerPress Podcasting by Blubrry Cross-Site Scripting (10.0)
WordPress Plugin Jigoshop Information Disclosure (1.17.9)
WordPress Plugin Flight Search Widget and Blocks Cross-Site Scripting (1.1.0)
WordPress Plugin WP SEO Tags Cross-Site Scripting (2.2.7)
WordPress Plugin Social Rocket-Social Sharing Cross-Site Request Forgery (1.2.9)